NAVY SYSTEMS CONTINUING TO OPERATE WITH WINDOWS XP OR OLDER OPERATING SYSTEMS:
RTTUZYUW RUEWMCS0080 0991807-UUUU--RUCRNAD
ZNR UUUUU
R 091807Z APR 14 PSN 523464H24
FM CNO WASHINGTON DC
TO NAVADMIN
INFO CNO WASHINGTON DC//N2N6//
BT
UNCLAS//
NAVADMIN 080/14
MSGID/GENADMIN/CNO WASHINGTON DC/N2N6BC/APR//
SUBJ/NAVY SYSTEMS CONTINUING TO OPERATE WITH WINDOWS XP OR OLDER OPERATING
SYSTEMS//
REF/A/MSG/CNO/312035ZMAY13//
REF B/DOC/DISA/WINDOWS XP STIG V6 R1.31/24JAN14//
NARR/REF A IS NAVADMIN 151/13 MORATORIUM ON MICROSOFT WINDOWS XP AND ALL
PRIOR VERSIONS OF MICROSOFT OPERATING SYSTEMS. REF B IS WINDOWS XP SECURITY
TECHNICAL IMPLEMENTATION GUIDE V6 RELEASE 1.31.//
RMKS/1. This NAVADMIN provides additional Navy-specific policy and direction
for all Navy ashore and afloat systems/applications that continue to use
Windows XP and older Operating Systems (OS) and associated applications.
This is a coordinated OPNAV/Fleet Cyber Command message.
2. Ref A directed ashore program managers to migrate all systems and
applications to Microsoft Windows 7 (MS WIN 7) or newer versions of MS OS no
later than 31 December 2013 and prohibited ashore program and system managers
from negotiating support contracts with vendors for MS Windows XP and older
OS. Ref A mandate to migrate to WIN 7 remains in effect. Effective 8 April
2014, Microsoft ceases support for Windows XP, Microsoft Office 2003 and
applications prior to the release of WIN 7 OS. Subsequently, all non-WIN 7
OS compatible or compliant IT systems and applications adversely impact the
U.S. Navy and DoD cyber security posture.
3. Navy has negotiated an agreement with Microsoft to provide extended
vendor customer support to non-WIN 7 compliant ashore systems from 8 April
2014 to 14 April 2015. This extended support is available only to systems
that have received Deputy Chief Information Officer (Navy) (DDCIO(N))-
approved waivers and have submitted an associated Plan of Action and
Milestones (POA&M) for migration. The cost of extended support will be
allocated among system owners who require it.
4. Any system owner whose environment continues to use Windows XP OS,
Microsoft Office 2003, or older MS platforms, and who has not received an
approved DDCIO(N) waiver, shall submit a Resource Sponsor-approved waiver
request and WIN 7 migration POA&M to DDCIO(N) no later than 2 May 2014 IAW
ref A. Any system or application that has not received a DDCIO(N)-approved
waiver with a POA&M is subject to disconnection on 9 May 2014.
5. After 8 April 2014, non-WIN 7 compatible systems and applications will be
categorized as having Category I vulnerabilities per ref B. In coordination
with OPNAV, FCC will provide additional guidance for non-compliant system
owners operating under a current Authorization to Operate if the CAT I
weakness was discovered after original authorization and cannot be corrected
within 30 days. This guidance will outline the Interim Authorization to
Operate process.
6. Mitigations outlined in para 3 and 5 above do not abrogate the
responsibility of system owners to migrate to WIN 7 as soon as possible.
7. Eradication of WIN XP for afloat capabilities and associated timelines
will be addressed SEPCOR. However, stipulations of para 5 regarding CAT I
vulnerabilities in non-compliant systems are germane to both ashore and
afloat environments.
8. Points of contact are Mr. Joseph Walker at (571) 256-8523/DSN: 223 or
joe.t.walker@navy.mil and Ms. Brooke Zimmerman at (571) 256-8521/DSN: 223
or brooke.zimmerman@navy.mil.//
9. This NAVADMIN will remain in effect until cancelled or superseded.
10. Released by VADM Ted N. Branch, Deputy Chief of Naval Operations,
Information Dominance, OPNAV N2N6.//
BT
#2108
NNNN